Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-57796

Checkmarx affected by JEP-200

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Critical
    • checkmarx-plugin

    Description

      CheckMarx stopped working this afternoon. It had been working in the morning.

      Some Plugins where updated during this time period by CheckMarx (8.90.1) was not.

      step([$class                        : 'CxScanBuilder',
      avoidDuplicateProjectScans    : false,
      comment                       : "Pipeline Scan",
      credentialsId                 : 'checkmarx',
      excludeFolders                : '',
      exclusionsSetting             : 'global',
      failBuildOnNewResults         : true,
      failBuildOnNewSeverity        : 'HIGH',
      fullScanCycle                 : 10,
      generatePdfReport             : true,
      groupId                       : 'XXXXX',
      osaArchiveIncludePatterns     : '*.zip, *.war, *.ear, *.tgz',
      osaInstallBeforeScan          : false,
      preset                        : '100003',
      projectName                   : "${serviceName}${CHECKMARX_PROJECT_TYPE}",
      sastEnabled                   : true,
      sourceEncoding                : '1',
      vulnerabilityThresholdResult  : 'FAILURE'
])

       

      
java.lang.SecurityException: Rejected: com.cx.restclient.dto.ScanResults; see https://jenkins.io/redirect/class-filter/
	at hudson.remoting.ClassFilter.check(ClassFilter.java:77)
	at hudson.remoting.MultiClassLoaderSerializer$Input.resolveClass(MultiClassLoaderSerializer.java:135)
	at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1867)
	at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1750)
	at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2041)
	at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1572)
	at java.io.ObjectInputStream.readObject(ObjectInputStream.java:430)
	at hudson.remoting.UserRequest.deserialize(UserRequest.java:291)
	at hudson.remoting.UserRequest$NormalResponse.retrieve(UserRequest.java:326)
	at hudson.remoting.Channel.call(Channel.java:955)
Caused: java.io.IOException: Failed to deserialize response to UserRequest:com.checkmarx.jenkins.CxScanCallable@40fec119
	at hudson.remoting.Channel.call(Channel.java:963)
	at hudson.FilePath.act(FilePath.java:1072)
	at hudson.FilePath.act(FilePath.java:1061)
	at com.checkmarx.jenkins.CxScanBuilder.perform(CxScanBuilder.java:711)
	at org.jenkinsci.plugins.workflow.steps.CoreStep$Execution.run(CoreStep.java:80)
	at org.jenkinsci.plugins.workflow.steps.CoreStep$Execution.run(CoreStep.java:67)
	at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)

      Attachments

        Issue Links

          relates to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. JENKINS-47736 JEP-200: Switch Remoting/XStream blacklist to a whitelist

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Activity

            People

              sternlir Liran Stern
              haskinsmp Mark Haskins
              Votes:
              5 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

                Created:
                Updated: